<?php
/**
 * TestGuest Version1.0
 * ================================================
 * Copy 2017-2018 zxj
 * Web: http://www.zhaoxiaojie.club
 * ================================================
 * Author: Zxj
 * Date: 17/8/9
 * Time: 下午4:31
 * 验证登录
 *
 */
//1.设置响应头
    header('content-type:text/html;charset=utf-8');

//2.开启session
    session_start();

//3.接收与判断
    if(isset($_POST['submit'])){

        $username = addslashes(trim($_POST['username']));
        $password = addslashes(trim($_POST['password']));
        $code = trim($_POST['code']);

        //验证验证码是否为空
        if(empty($code)){

            echo "<script type='text/javascript'>alert('验证码不能为空!');history.back();</script>";
            exit();

        }

        //验证验证码是否正确
        if(strtolower($_SESSION['code'])!=strtolower($code)){

            echo "<script type='text/javascript'>alert('验证码错误!');history.back();</script>";
            exit();

        }

        if(empty($username)||empty($password)){

            echo "<script type='text/javascript'>alert('用户名或密码不能为空!');history.back();</script>";
            exit();

        }

        //md5加密密码
        $password = md5($password);

        //连接数据库,判断用户名和密码是否正确
        include_once 'common/mysql.inc.php';
        $sql = "select * from bbs_user where username = '$username' limit 1";
        $res = mysql_query($sql);
        $row = mysql_fetch_assoc($res);
        //释放资源
        mysql_free_result($res);
        if(empty($row)){

            echo "<script type='text/javascript'>alert('该用户不存在!');history.back();</script>";
            exit();

        }

        if($row['password']!=$password){

            echo "<script type='text/javascript'>alert('用户名或密码错误!');history.back();</script>";
            exit();

        }

        if($row['password']==$password){

            //登录成功

            //var_dump($row);
            //用户名保存在session中
            $_SESSION['adminuser'] = $row['username'];
            $_SESSION['id'] = $row['id'];
            //echo '<script>window.location.href="index.php"</script>';
            //header("Location:index.php");
            echo "<script type='text/javascript'>alert('登陆成功!');window.location.href='index.php'</script>";
            exit();

        }


    }

        //关闭连接
        mysql_close($link);

?>